This adds support for authenticating using client certificates when
connecting to a remote dcrwallet instance that requires them.
dcrwallet now requires client certificates for authentication when
connecting to its gRPC interface, so this PR modifies the wallet
unlocker service to use an appropriate combination of key and cert when
connecting to the wallet.
There are two possible sources for the key+cert pair: either specified
via CLI args or directly during an Unlock() call to the WalletUnlocker
service.
The first alternative is used on dcrlnd instances that have been
manually configured to use the remote wallet mode.
The second alternative is used on Decrediton-initialized wallets, where
an ephemeral key+cert pair is generated and passed from dcrwallet to
Decrediton via IPC messages and is then relayed to dcrlnd during
startup.
The itest harness was also updated to reflect the need for client certs
when testing the remotewallet implementation. For simplicity, the
existing rpc.key and rpc.cert are used for client authentication as
well.
~rebased on top of #109~
This adds support for authenticating using client certificates when connecting to a remote dcrwallet instance that requires them.
dcrwallet now requires client certificates for authentication when connecting to its gRPC interface, so this PR modifies the wallet unlocker service to use an appropriate combination of key and cert when connecting to the wallet.
There are two possible sources for the key+cert pair: either specified via CLI args or directly during an Unlock() call to the WalletUnlocker service.
The first alternative is used on dcrlnd instances that have been manually configured to use the remote wallet mode.
The second alternative is used on Decrediton-initialized wallets, where an ephemeral key+cert pair is generated and passed from dcrwallet to Decrediton via IPC messages and is then relayed to dcrlnd during startup.
The itest harness was also updated to reflect the need for client certs when testing the remotewallet implementation. For simplicity, the existing rpc.key and rpc.cert are used for client authentication as well.